Signature Detail

MS-RPC: SPOOLSS Buffer Overflow (1)

This signature detects attempts to exploit a known vulnerability against Microsoft Windows SPOOLSS service. Because of improper bounds checking in the Print Spooler service, an attacker can trigger a buffer overflow in the affected system. This action can lead to arbitrary code execution at System level privileges.

Extended Description

Microsoft Windows Print Spooler service is prone to a buffer-overflow vulnerability. Specifically, this issue occurs when the Print Spooler service handles malformed messages containing excessive data. Exploiting this vulnerability allows attackers to escalate their privileges and gain unauthorized remote access, depending on the underlying operating system. A successful attack may allow an attacker to execute arbitrary code, which can allow the attacker to gain SYSTEM privileges.

Affected Products

• Microsoft Windows 2000 Advanced Server SP1
• Microsoft Windows 2000 Advanced Server SP2
• Microsoft Windows 2000 Advanced Server SP3
• Microsoft Windows 2000 Advanced Server SP4
• Microsoft Windows 2000 Advanced Server
• Microsoft Windows 2000 Datacenter Server SP1
• Microsoft Windows 2000 Datacenter Server SP2
• Microsoft Windows 2000 Datacenter Server SP3
• Microsoft Windows 2000 Datacenter Server SP4
• Microsoft Windows 2000 Datacenter Server
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server
• Microsoft Windows Server 2003 Datacenter Edition
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows XP Home SP1
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Home
• Microsoft Windows XP Media Center Edition SP1
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Media Center Edition
• Microsoft Windows XP Professional SP1
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional
• Microsoft Windows XP Tablet PC Edition SP1
• Microsoft Windows XP Tablet PC Edition SP2
• Microsoft Windows XP Tablet PC Edition

References

• BugTraq: 14514
• CVE: CVE-2005-1984
• URL: http://www.microsoft.com/technet/Security/bulletin/ms05-043.mspx
• URL: http://oval.mitre.org/oval/definitions/data/oval100077.html
• URL: http://www.us-cert.gov/cas/techalerts/TA05-221A.html